#4602 [RFE] Offer OTP generation for host enrollment in the UI
Closed: Fixed None Opened 6 years ago by jcholast.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1146860

Description of problem:
Users are quite certain not to come up with random (high-entropy) passwords,
let alone with high-entropy one time passwords. IMHO IPA should at least offer
to generate OTPs for host enrollment in the UI, or if there are no
backward-compatibility concerns, use generation as a default method with custom
OTPs as a user-requested fallback

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-37.el6.x86_64 / RHEL 6.5

How reproducible:

Steps to Reproduce:
1. add a host in the Web UI
2. set an Enrollment OTP for the host

Actual results:
user is requested to type and retype the password

Expected results:
user should be offered with generated OTP by default

Additional info:

I wonder if it would fly well with current Web UI - as password is generated during host addition, so the password would be known after the host creation is submitted.

Web UI may need to implement own random password generator to workaround it...

Not necessarily. We can add checkbox into adder dialog to send 'random=true' and then display 'randompassword' in the dialog along with success message. Ie. the dialog would not be closed in this case.

Not a priority for now. Patches welcome!

This is a basic workflow that junior admins using Web UI may leverage, while at the same time it should be really easy to do (just use --random flag and show the result).


  • 3b37e29 Add option to show OTP when adding host

Metadata Update from @jcholast:
- Issue assigned to pvomacka
- Issue set to the milestone: FreeIPA 4.4

4 years ago

Login to comment on this ticket.